-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[HOLD FOR v1.4.2] Pod exec samples; mutation for imagePullSecrets #77
Conversation
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good. minor comments / nits.
best-practices/require_pod_requests_limits/require_pod_requests_limits.yaml
Outdated
Show resolved
Hide resolved
best-practices/restrict_image_registries/restrict_image_registries.yaml
Outdated
Show resolved
Hide resolved
best-practices/restrict_image_registries/restrict_image_registries.yaml
Outdated
Show resolved
Hide resolved
other/disallow_localhost_services/disallow_localhost_services.yaml
Outdated
Show resolved
Hide resolved
All good feedback, thank you. I'll work on them. For generating the website MD, I'm thinking this is the first case where we can merge these into all effective release branches because the policies themselves carry the |
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
@JimBugwadia I think we can go ahead and approve/merge this if you're ok. |
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
@JimBugwadia please provide review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good! a few suggestions.
pod-security/baseline/disallow-adding-capabilities/disallow-adding-capabilities.yaml
Outdated
Show resolved
Hide resolved
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Addressed all feedback. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one minor comment, ready to merge otherwise!
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Closes kyverno/kyverno#2151
Closes kyverno/kyverno#1069
Closes #64
Closes #78
Closes #79
Closes kyverno/kyverno#2189
Closes kyverno/kyverno#2239
Adds:
CAP_NET_RAW
Changes: